Privacy Policy

Privacy Policy – Two Hills Lab (Two Hills Software)

Last Updated: January 8, 2026

This policy explains how we collect, use, and protect your personal data when you use our website, in accordance with the Israeli Privacy Protection Law, and where applicable, the EU General Data Protection Regulation (GDPR).

1) Who We Are

• Website/Business Name: Two Hills Lab (“the Website”, “we”, “us”)

• Owner/Controller: Dr. Guy Shaked

• Privacy Contact Information:

  • Email: shaked69@gmail.com

  • Phone: +972-52-7497628

  • Address: P.O.B. 413, Givatayim, Israel

---

2) What Information We Collect

2.1 Information Provided Voluntarily

When you fill out forms on the site (e.g., contact/registration forms), we may collect:

• Full name

• Email address

• Phone number (if provided)

• Content of your message

• Marketing consent (Opt-in)

• Operational/Security Data: Date/time of submission and IP address (for security and spam prevention).

2.2 Donations and Purchases via WooCommerce

The site allows for donations through WooCommerce (“Donation Products”). During a transaction, WooCommerce may process:

• Donor/Customer details: Name, email, and billing address.

• Order details: Donation amount, Order ID, status, and timestamp.

• Technical Payment Data: We do not store full credit card details. Payments are processed securely via PayPal or other integrated payment gateways in compliance with PCI-DSS standards.

2.3 Technical and Usage Data (Cookies & Analytics)

We collect technical data which may include:

• Pages viewed, time spent on site, and navigation patterns.

• Device type, browser version, operating system, and language settings.

• IP address (anonymized where possible for analytics).

We use tools such as:

• Google Analytics: For statistical measurement of user traffic.

• Google Search Console: For performance monitoring and site health.

---

3) Legal Basis for Processing (GDPR Compliance)

Under the GDPR, we process your data based on the following legal grounds:

• Consent: When you explicitly agree to cookies or sign up for a newsletter.

• Contractual Necessity: When processing is required to fulfill a donation or service request.

• Legitimate Interests: For website security, fraud prevention, and analyzing aggregate trends to improve our services.

• Legal Obligation: For bookkeeping, tax purposes, and complying with legal requests.

---

4) Cookies and Consent Management

4.1 What are Cookies?

Cookies are small text files stored in your browser or local device that allow the website to function correctly, remember preferences, and analyze performance.

4.2 How We Manage Cookies (CookieYes)

In compliance with European standards, we use the CookieYes plugin to manage your consent.

• Prior Consent: Non-essential cookies (Analytics/Marketing) are blocked by default until you provide explicit consent via the cookie banner.

• Granular Control: You can accept or reject specific categories of cookies.

• Withdrawal: You can change your preferences at any time by clicking the “Cookie Settings” icon/link available on the site.

• Browser Settings: You can also block cookies via your browser settings, though some site features may not function correctly.

4.3 Google Analytics

If you consent to “Analytics” cookies, Google Analytics will collect data on how you use the site. We use this information to improve user experience. Your IP address is masked/anonymized to protect your identity.

---

5) Data Sharing (Third-Party Processors)

We do not sell your personal data. We share data only with trusted service providers (Data Processors) to operate the site:

• Hosting/Backups: Hostinger

• Email Services: Titan Mail, Gmail, Smoove

• Analytics: Google (Analytics, Search Console)

• Platform: WordPress/WooCommerce

• Payment Processing: PayPal (or your chosen provider)

All service providers are contractually bound to protect your data and comply with relevant privacy laws.

---

6) International Data Transfers

While we are based in Israel, some of our service providers (like Google or Hostinger) may process data in the EU or the USA.

• Israel: Recognized by the European Commission as providing an “adequate level of protection” for personal data.

• USA: We ensure that transfers to the US are protected by standard contractual clauses (SCCs) or the EU-U.S. Data Privacy Framework.

---

7) Data Retention

We keep your information only as long as necessary for the purposes it was collected:

• Contact Forms: Up to 24 months.

• Security Logs/IP addresses: Up to 12 months.

• Marketing Data: Until you unsubscribe (Opt-out).

• Donation/Financial Records: Kept in accordance with Israeli and international tax laws (typically 7 years).

---

8) Security

We implement robust technical and organizational measures:

• HTTPS/SSL Encryption for all data transmission.

• Access Controls and strong password policies.

• Regular software and plugin updates.

• Periodic backups and event logging.

---

9) Your Rights (GDPR & Israeli Law)

You have the following rights regarding your data:

• Right of Access: Request a copy of the data we hold about you.

• Right to Rectification: Request correction of inaccurate information.

• Right to Erasure (“Right to be Forgotten”): Request deletion of your data (subject to legal retention requirements).

• Right to Restriction/Objection: Object to processing based on legitimate interests.

• Right to Data Portability: Receive your data in a structured, machine-readable format.

• Right to Withdraw Consent: At any time (e.g., for marketing or cookies).

To exercise your rights: Please contact us at shaked69@gmail.com. We will respond within 30 days. You also have the right to lodge a complaint with a Data Protection Authority (DPA) in the EU or the Israeli Privacy Protection Authority.